How about a Draytek Vigor 2820Vn?
You can have 4 SSIDs with differing levels of encryption and each wireless network can be throttled up and downstream. It's a bit pricey but will do the job well and you can lots more with it if you want to.
Ok, this is where I'm upto...
Unfortunately, connecting using PPPoE from DD-WRT (on the WRT320N) via the DG834G (in modem only mode) presented another problem. The ISP requires PPPoA and using PPPoE instead, causes the connection speed to be throttled drastically (10Mbps down to 1Mbps).
Therefore, I have reverted the DG834G to normal (modem & router) mode and used this to handle the ADSL connection via PPPoA. The DG834G has an internal IP of 192.168.0.1, NAT and DHCP enabled. The WRT320N is connected to the DG834G via its WAN port and gets a WAN IP address of 192.168.0.2 via DHCP. Its internal IP address is still 192.168.1.1 as default.
The WRT320N then hands out IP addresses via DHCP in the 192.168.1.0 range. There is also an additional VLAN setup with its own DHCP handing out addresses in the 192.168.3.0 range via a Wireless Access Point plugged into port 4 of the WRT320N.
This all seems to work fine:
no need to change default MTU values on clients;
guests (clients on 192.168.3.0 subnet) cannot access PCs/resources on main 192.168.1.0 subnet;
all clients (regardless of subnet) have full internet access at the correct speed;
However, guests (192.168.3.0 subnet) can access both routers' webadmin GUIs and presumably (although I haven't tested it) anything plugged into the DG834G's remaining ports (192.168.0.0 subnet). Is there a way of preventing this? Something along the lines of dropping requests to 192.168.0.1 (or the entire 192.168.0.0 subnet) and 192.168.1.1 if they originate from anything on the 192.168.3.0 subnet. Is this possible?
And finally, can anyone foresee any issues with this setup? Double NAT (although I confess to not really understanding if this even happens and whether it is bad if it does!)?